BrainWise-DEV · engahmed1190 · May 14, 2026 · May 13, 2026
diff --git a/pos_next/company_isolation.py b/pos_next/company_isolation.py
@@ -1,7 +1,14 @@
 import frappe
 
+
 def get_user_companies(user=None):
-	"""Return company names the current user is allowed to access."""
+	"""Return company names the current user is allowed to access.
+
+	Used by `validations.item_query` and any other code that wants to scope a
+	query to the user's companies. Empty list means "no company restriction
+	derivable for this user" — callers decide whether that should fall through
+	to stock permission handling or block the query.
+	"""
 	user = user or frappe.session.user
 
 	if user == "Administrator":
@@ -30,84 +37,3 @@ def get_user_companies(user=None):
 		companies.add(employee_company)
 
 	return sorted(companies)
-
-
-def _build_company_condition(doctype, user=None):
-	user = user or frappe.session.user
-	if user == "Administrator":
-		return ""
-
-	companies = get_user_companies(user)
-	if not companies:
-		return "1=0"
-
-	companies_sql = ", ".join(frappe.db.escape(company) for company in companies)
-	return f"`tab{doctype}`.`custom_company` IN ({companies_sql})"
-
-
-def _has_company_permission(doc, user=None):
-	user = user or frappe.session.user
-	if user == "Administrator":
-		return True
-
-	companies = set(get_user_companies(user))
-	if not companies:
-		return False
-
-	return doc.get("custom_company") in companies
-
-
-def customer_permission_query_conditions(user):
-	return _build_company_condition("Customer", user)
-
-
-def supplier_permission_query_conditions(user):
-	return _build_company_condition("Supplier", user)
-
-
-def item_group_permission_query_conditions(user):
-	return _build_company_condition("Item Group", user)
-
-
-def customer_group_permission_query_conditions(user):
-	return _build_company_condition("Customer Group", user)
-
-
-def supplier_group_permission_query_conditions(user):
-	return _build_company_condition("Supplier Group", user)
-
-
-def brand_permission_query_conditions(user):
-	return _build_company_condition("Brand", user)
-
-
-def price_list_permission_query_conditions(user):
-	return _build_company_condition("Price List", user)
-
-
-def customer_has_permission(doc, user=None, permission_type=None):
-	return _has_company_permission(doc, user)
-
-
-def supplier_has_permission(doc, user=None, permission_type=None):
-	return _has_company_permission(doc, user)
-
-
-def item_group_has_permission(doc, user=None, permission_type=None):
-	return _has_company_permission(doc, user)
-
-
-def customer_group_has_permission(doc, user=None, permission_type=None):
-	return _has_company_permission(doc, user)
-
-
-def supplier_group_has_permission(doc, user=None, permission_type=None):
-	return _has_company_permission(doc, user)
-
-
-def brand_has_permission(doc, user=None, permission_type=None):
-	return _has_company_permission(doc, user)
-
-
-def price_list_has_permission(doc, user=None, permission_type=None):
-	return _has_company_permission(doc, user)
diff --git a/pos_next/hooks.py b/pos_next/hooks.py
@@ -137,29 +137,6 @@
 # notification_config = "pos_next.notifications.get_notification_config"
 
 # Permissions
-# -----------
-# Permissions evaluated in scripted ways
-
-permission_query_conditions = {
-	"Customer": "pos_next.company_isolation.customer_permission_query_conditions",
-	"Supplier": "pos_next.company_isolation.supplier_permission_query_conditions",
-	"Item Group": "pos_next.company_isolation.item_group_permission_query_conditions",
-	"Customer Group": "pos_next.company_isolation.customer_group_permission_query_conditions",
-	"Supplier Group": "pos_next.company_isolation.supplier_group_permission_query_conditions",
-	"Brand": "pos_next.company_isolation.brand_permission_query_conditions",
-	"Price List": "pos_next.company_isolation.price_list_permission_query_conditions",
-}
-
-has_permission = {
-	"Customer": "pos_next.company_isolation.customer_has_permission",
-	"Supplier": "pos_next.company_isolation.supplier_has_permission",
-	"Item Group": "pos_next.company_isolation.item_group_has_permission",
-	"Customer Group": "pos_next.company_isolation.customer_group_has_permission",
-	"Supplier Group": "pos_next.company_isolation.supplier_group_has_permission",
-	"Brand": "pos_next.company_isolation.brand_has_permission",
-	"Price List": "pos_next.company_isolation.price_list_has_permission",
-}
-
 # Standard Queries
 # ----------------
 # Custom query for company-aware item filtering

diff --git a/pos_next/pos_next/custom/brand.json b/pos_next/pos_next/custom/brand.json
@@ -10,7 +10,7 @@
    "module": "POS Next",
    "name": "Brand-custom_company",
    "options": "Company",
-   "reqd": 1
+   "reqd": 0
   }
  ],
  "custom_perms": [],

diff --git a/pos_next/pos_next/custom/customer.json b/pos_next/pos_next/custom/customer.json
@@ -10,7 +10,7 @@
    "module": "POS Next",
    "name": "Customer-custom_company",
    "options": "Company",
-   "reqd": 1
+   "reqd": 0
   }
  ],
  "custom_perms": [],

diff --git a/pos_next/pos_next/custom/customer_group.json b/pos_next/pos_next/custom/customer_group.json
@@ -10,7 +10,7 @@
    "module": "POS Next",
    "name": "Customer Group-custom_company",
    "options": "Company",
-   "reqd": 1
+   "reqd": 0
   }
  ],
  "custom_perms": [],

diff --git a/pos_next/pos_next/custom/item.json b/pos_next/pos_next/custom/item.json
@@ -56,7 +56,7 @@
    "read_only": 0,
    "read_only_depends_on": null,
    "report_hide": 0,
-   "reqd": 1,
+   "reqd": 0,
    "search_index": 0,
    "show_dashboard": 0,
    "sort_options": 0,

diff --git a/pos_next/pos_next/custom/item_group.json b/pos_next/pos_next/custom/item_group.json
@@ -10,7 +10,7 @@
    "module": "POS Next",
    "name": "Item Group-custom_company",
    "options": "Company",
-   "reqd": 1
+   "reqd": 0
   }
  ],
  "custom_perms": [],

diff --git a/pos_next/pos_next/custom/price_list.json b/pos_next/pos_next/custom/price_list.json
@@ -10,7 +10,7 @@
    "module": "POS Next",
    "name": "Price List-custom_company",
    "options": "Company",
-   "reqd": 1
+   "reqd": 0
   }
  ],
  "custom_perms": [],

diff --git a/pos_next/pos_next/custom/supplier.json b/pos_next/pos_next/custom/supplier.json
@@ -10,7 +10,7 @@
    "module": "POS Next",
    "name": "Supplier-custom_company",
    "options": "Company",
-   "reqd": 1
+   "reqd": 0
   }
  ],
  "custom_perms": [],

diff --git a/pos_next/pos_next/custom/supplier_group.json b/pos_next/pos_next/custom/supplier_group.json
@@ -10,7 +10,7 @@
    "module": "POS Next",
    "name": "Supplier Group-custom_company",
    "options": "Company",
-   "reqd": 1
+   "reqd": 0
   }
  ],
  "custom_perms": [],

diff --git a/pos_next/test_company_isolation.py b/pos_next/test_company_isolation.py
diff --git a/pos_next/validations.py b/pos_next/validations.py
@@ -40,17 +40,16 @@ def item_query(doctype, txt, searchfield, start, page_len, filters):
 	company = filters.get("company") if filters else None
 
 	if company:
-		# Show only items for the selected company
-		conditions.append("custom_company = %s")
+		conditions.append("(custom_company = %s OR custom_company IS NULL OR custom_company = '')")
 		values.append(company)
 	else:
 		user_companies = get_user_companies()
 		if user_companies:
 			placeholders = ", ".join(["%s"] * len(user_companies))
-			conditions.append(f"custom_company IN ({placeholders})")
+			conditions.append(
+				f"(custom_company IN ({placeholders}) OR custom_company IS NULL OR custom_company = '')"
+			)
 			values.extend(user_companies)
-		else:
-			conditions.append("1 = 0")
 
 	query = f"""
 		SELECT name, item_name, item_group